The current reality has pushed users, applications, and data to the edge of the network —where traditional perimeter security solutions have historically fallen short. Threat actors know this, of course, and have spent the past nine months targeting the weakest link in the security stack: the user.
Email and web browsing continue to be popular attack vectors. Security vendors have beefed up web and email security, but issues with legacy architectures are letting some attacks slip through. Information and context derived from advanced threat intelligence remain the most powerful weapons in a security team’s arsenal. Advanced technologies such as artificial intelligence and machine learning can help scan, detect, and warn at scale, but they’re not bulletproof. Increasingly sophisticated threat actors, powered by AI and ML, are finding ways to evade threat detection.
Security professionals interested in learning more about the current state of advanced threat inspection, threat intelligence, and the emerging technologies that power these capabilities should check out the following sessions:
Artificial intelligence and machine learning are powerful, indeed essential, components of security Continue reading
How do you become a “senior engineer?” It’s a question I’m asked quite often, actually, and one that deserves a better answer than the one I usually give. Charity recently answered the question in a round-a-bout way in a post discussing the “trap of the premature senior.” She’s responding to an email from someone who is considering leaving a job where they have worked themselves into a senior role. Her advice?
This might seem to be counter-intuitive, but it’s true. I really wanted to emphasize this one line—
Exactly! Knowing the CLI for one vendor’s gear, or even two vendor’s gear, is not nearly the same as understanding how BGP actually works. Quoting the layers in the OSI model is just not the same thing as being able to directly apply the RINA model to a real problem happening right now. You’re not going to gain the understanding of “the whole ball of wax” by staying in one place, or doing one thing, for the rest of Continue reading
Each week Network Break runs vendor press releases through our patented ML algorithms to strip out the marketing & buzzwords. It doesn't leave us much to work with, but we do our best. Today's episode covers Apstra's IBN support for the SONiC NOS, IBM's purchase of APM newcomer Instana, VMware's furthering of its networking ambitions, a startup building 5G chips for the edge, and more.
The post Network Break 311: Apstra Gets Loud About SONiC; VMware Sinks More Hooks Into Networking appeared first on Packet Pushers.
Great heights: As his classes move online, Russian student Alexei Dudoladov has to climb a birch tree to get Internet access, Reuters reports. The student at the Omsk Institute of Water Transport, which is nearly 1,400 miles east of Moscow, says his home Internet service is not strong enough to connect to online classes. “I need to go into the forest 300 meters from the village and climb a birch tree that is eight-meters high … and I get on Zoom to speak to professors and prove that I am not skipping class for no reason.”
Even greater heights: Meanwhile, the Ector County Independent School District in Odessa, Texas, is hoping that the new SpaceX satellite Internet service will help give students and teachers better Internet access, Education Dive says. The district is the first in the U.S. to work with SpaceX’s Starlink Internet service. A pilot project in early 2021 will include 45 families with students or teachers in the district.
Cybersecurity boss fired: U.S. President Donald Trump, who continues to insist he was the victim of massive nationwide voting fraud in his recent election loss to Joe Biden, has fired Christopher Krebs, who led the federal Continue reading
A while ago (eons before AWS introduced Gateway Load Balancer) I discussed the intricacies of AWS and Azure networking with a very smart engineer working for a security appliance vendor, and he said something along the lines of “it shows these things were designed by software developers – they have no idea how networks should work.”
In reality, at least some aspects of public cloud networking come closer to the original ideas of how IP and data-link layers should fit together than today’s flat earth theories, so he probably wanted to say “they make it so hard for me to insert my virtual appliance into their network.”
Tom Hollingsworth wrote another must-read blog post in which he explained what one should do before asking for help:
If someone comes to me and says, “I tried this and it failed and I got this message. I looked it up and the response didn’t make sense. Can you tell me why that is?” I rejoice. That person has done the legwork and narrowed the question down to the key piece they need to know.
In other words (again his), do your homework first and then ask relevant questions.
SONiC is a network OS that can run on a variety of whitebox switches. Originally developed by Microsoft, SONiC is now an open-source project with distributions that target hyperscale and enterprise environments. Today's Heavy Networking is a deep dive into SONiC with Dave Maltz, a Technical Fellow at Microsoft who has been closely involved with SONiC's development. While Microsoft is a SONiC backer, this is an unsponsored episode.
The post Heavy Networking 551: An Insider’s Guide To The SONiC Network OS appeared first on Packet Pushers.
Benchmark tests measure a repeatable set of quantifiable results that serve as a point of reference against which products and services can be compared. Since 2018, Alexis Ducastel, a Kubernetes CKA/CKAD and the founder of InfraBuilder, has been running independent benchmark tests of Kubernetes network plugins (CNI) over a 10Gbit/s network.
The latest benchmark in this periodic series of tests was published in September, and was based on CNI versions that were up-to-date as of August 2020. Only CNIs that can be set up with a single yaml file were tested and compared, and included the following:
We are thrilled to report that among all of the CNI’s tested, Calico was the clear winner, excelling in nearly every category and delivering superlative results which are summarized in the chart below. In fact, Calico is the CNI of choice in the primary use cases presented by the author in the report’s summary.
The exceptional performance of Calico encryption was described as having the “real wow effect” among all of Continue reading
Today's Tech Bytes dives into Pluribus Networks’ Linux-based Netvisor ONE OS for white box switches. We also discuss Pluribus’ Adaptive Cloud Fabric, a distributed, controllerless SDN solution for deploying and automating data center fabrics that promises simpler operations and a lower TCO. Our guest is Alessandro Barbieri, VP of Product Management.
The post Tech Bytes: Pluribus Rethinks Open Networking For Better Programmability, TCO (Sponsored) appeared first on Packet Pushers.
The Internet is the quintessential example of collaboration across stakeholders and geographic boundaries resulting in both economic gain and seismic innovations. Yet as the Internet evolves it is increasingly regulated by nation states as they claim sovereignty over one issue or another, and dominated by a few large players.
For those that have been in the industry for more than a couple of years, you will remember when Microsoft retired the very powerful and well-documented security bulletins back in 2017. At the time, we felt that it was a severe reduction in the availability of information; Microsoft was suddenly communicating much less information.
If you’re an IT security professional, mastering mystifying terminology and arcane acronyms is a rite of passage — maybe even a badge of honor. But there’s one unusually blunt cybersecurity term anyone can understand — the “kill chain.” A successful attack (the “kill”) doesn’t just happen.
First things first: Go watch this great video on lock-in from Ethan Banks (@ECBanks). We’ll reference it.
Welcome back. Still carrying that pitchfork around screaming about how you want to avoid vendor lock-in? Ready to build the most perfect automation system in history that does multi-cloud, multi-vendor, multi-protocol networking in a seamless manner with full documentation? Nice. How hard was is to build that unicorn farm?
I get it. No one wants to be beholden to a specific vendor. No one likes being forced into buying things. Everyone hates the life of the engineer forced to work on something they don’t like or had to use because someone needed a new boat. Or do they?
What kind of car do you drive? Odds are good you’re either ready to get a new one or you’re proud of what you’re driving. I find that the more flashy a car is the more likely people are to talk about how amazing it is. And when there are two dominant manufacturers in a market for cars, you tend to see people dividing into camps to sing the praises of their favorite brands. Ford people love their Continue reading
Maintaining a server fleet the size of Cloudflare’s is an operational challenge, to say the least. Anything we can do to lower complexity and improve efficiency has effects for our SRE (Site Reliability Engineer) and Data Center teams that can be felt throughout a server’s 4+ year lifespan.
At the Cloudflare Core, we process logs to analyze attacks and compute analytics. In 2020, our Core servers were in need of a refresh, so we decided to redesign the hardware to be more in line with our Gen X edge servers. We designed two major server variants for the core. The first is Core Compute 2020, an AMD-based server for analytics and general-purpose compute paired with solid-state storage drives. The second is Core Storage 2020, an Intel-based server with twelve spinning disks to run database workloads.
Earlier this year, we blogged about our 10th generation edge servers or Gen X and the improvements they delivered to our edge in both performance and security. The new Core Compute 2020 server leverages many of our learnings from the edge server. The Core Compute servers run a variety of workloads including Kubernetes, Kafka, and various smaller services.
|Previous Continue reading|
After explaining why you should focus on defining the problem before searching for a magic technology that will solve it, I continued the Focus on Business Challenges First presentation with another set of seemingly simple questions: